
Compliance Scanning (HIPAA & GDPR)

seeshare's Professional tier includes automated compliance scanning that maps security findings to HIPAA and GDPR regulatory requirements. This article explains what each framework covers, how to view your compliance scorecard after a scan, and how to generate audit-ready compliance reports.

Beginner


HIPAA Compliance

HIPAA compliance scanning covers the Technical Safeguards of the Security Rule, 45 CFR §164.312. seeshare maps scan findings to each standard and its implementation specifications: access control (§164.312(a)), which includes unique user identification, emergency access procedures, automatic logoff and session timeout, and encryption and decryption, and to which findings such as authentication bypass, default credentials, weak authentication, exposed admin interfaces, and unprotected API endpoints are mapped; audit controls (§164.312(b)); integrity (§164.312(c)); person or entity authentication (§164.312(d)); and transmission security (§164.312(e)), including SSL/TLS configuration. Keep in mind that an external scan can only evaluate what is observable from the network. The Administrative (§164.308) and Physical (§164.310) Safeguards, and any technical controls enforced inside your infrastructure, still need to be assessed separately.

To use it, run a scan of your domain on the Professional tier, then open the compliance section in the domain's findings. You'll see a HIPAA compliance scorecard showing which controls are passing, failing, or partially met, along with remediation guidance for each failing control.

GDPR Compliance

GDPR compliance scanning checks your website against key Articles of the General Data Protection Regulation: integrity and confidentiality of processing (Article 5(1)(f)), lawfulness of processing and valid consent, including cookie consent (Articles 6 and 7), transparency and privacy policy presence (Articles 12 and 13), data protection by design and by default (Article 25), security of processing, covering encryption, SQL injection, XSS, and access control (Article 32), breach detection and logging in support of breach notification (Article 33), and third-party trackers and cross-border data transfers (Article 44). As with HIPAA, the scan assesses only what is externally observable; obligations such as maintaining a lawful basis for each processing activity, records of processing, or data protection impact assessments cannot be verified by a scan and remain your responsibility.

To use it, run a scan on your Professional tier domain, navigate to the compliance section, and review your GDPR scorecard with findings mapped to each Article. Prioritize remediation based on control importance and risk.

Generating Compliance Reports

Go to the domain detail page, open the Reports tab, and download the compliance-focused PDF report. Reports are audit-ready and include an overall compliance score per framework, pass/fail status for each control, detailed findings mapped to specific regulatory requirements, remediation guidance with effort estimates and timeframes, and evidence documentation suitable for auditors.

Best Practices

Run compliance scans before audits to identify and fix gaps early. Use the remediation guidance to prioritize fixes by regulatory importance. Schedule regular scans, weekly or monthly, to maintain continuous compliance. Keep PDF reports for your compliance documentation and audit trail. For HIPAA, address Required implementation specifications before Addressable ones, but note that Addressable does not mean optional: under §164.306(d) you must either implement the specification or document why it is not reasonable and appropriate and implement an equivalent alternative measure.